General

  • Target

    MyCanal checker.exe.bin

  • Size

    69.0MB

  • Sample

    230501-ykwg9sgb66

  • MD5

    faf61a8a3546d7a2cb3d93c1488fd7e5

  • SHA1

    981561e300dd93e4c0da020a7315ba3eb7d5f6ee

  • SHA256

    ffe1acbd8d116d0dce879fe200bebe340ce53e714209213b35c585943f90dedb

  • SHA512

    90e931adad2682ccd78ba8e8353dff9b3132be18ca187663a459f48b76ab3773d36de9a39827a9c4765557a9640760ac57ddd09c793d5f265fddaf8fbd1c8ac9

  • SSDEEP

    1572864:tjddGverSIT+rQEJBvHufCVrzScUAtMqjybSU6o/y:VGv2SICr5HWaVlrtpGAl

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks